
CVE-2023-2316 – Typora Local File Disclosure
https://notcve.org/view.php?id=CVE-2023-2316
19 Aug 2023 — Improper path handling in Typora before 1.6.7 on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/<absolute-path>". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious webpage and pastes it into Typora. • https://starlabs.sg/advisories/23/23-2316 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2023-2110 – Obsidian Local File Disclosure
https://notcve.org/view.php?id=CVE-2023-2110
19 Aug 2023 — Improper path handling in Obsidian desktop before 1.2.8 on Windows, Linux and macOS allows a crafted webpage to access local files and exfiltrate them to remote web servers via "app://local/<absolute-path>". This vulnerability can be exploited if a user opens a malicious markdown file in Obsidian, or copies text from a malicious webpage and pastes it into Obsidian. • https://obsidian.md/changelog/2023-05-03-desktop-v1.2.8 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2023-2737 – Improper securing of log directory may allow a denial of service
https://notcve.org/view.php?id=CVE-2023-2737
16 Aug 2023 — Improper log permissions in SafeNet Authentication Service Version 3.4.0 on Windows allows an authenticated attacker to cause a denial of service via local privilege escalation. • https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=08f460ba47bba550c0e42e61e36d432f&sysparm_article=KB0027485 • CWE-276: Incorrect Default Permissions •

CVE-2023-20560
https://notcve.org/view.php?id=CVE-2023-20560
15 Aug 2023 — Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading to denial of service. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7004 • CWE-20: Improper Input Validation •

CVE-2023-20564
https://notcve.org/view.php?id=CVE-2023-20564
15 Aug 2023 — Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel execution. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7004 • CWE-20: Improper Input Validation •

CVE-2023-38402 – Arbitrary File Overwrite in HPE Aruba Networking Virtual Intranet Access (VIA) Microsoft Windows Client
https://notcve.org/view.php?id=CVE-2023-38402
15 Aug 2023 — A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM. A successful exploit could allow these malicious users to create a Denial-of-Service (DoS) condition affecting the Microsoft Windows operating System boot process. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-011.txt •

CVE-2023-4333 – Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server
https://notcve.org/view.php?id=CVE-2023-4333
15 Aug 2023 — Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server. • https://www.broadcom.com/support/resources/product-security-center • CWE-326: Inadequate Encryption Strength •

CVE-2023-38401 – Local Privilege Escalation in HPE Aruba Networking Virtual Intranet Access (VIA) Microsoft Windows Client
https://notcve.org/view.php?id=CVE-2023-38401
15 Aug 2023 — A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate privileges. Successful exploitation could allow execution of arbitrary code with NT AUTHORITY\SYSTEM privileges on the operating system. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-011.txt •

CVE-2023-38741 – IBM TXSeries for Multiplatforms denial of service
https://notcve.org/view.php?id=CVE-2023-38741
14 Aug 2023 — IBM TXSeries for Multiplatforms 8.1, 8.2, and 9.1 is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting a slowloris-type attack, a remote attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 262905. • https://exchange.xforce.ibmcloud.com/vulnerabilities/262905 • CWE-400: Uncontrolled Resource Consumption •

CVE-2023-23208
https://notcve.org/view.php?id=CVE-2023-23208
13 Aug 2023 — Genesys Administrator Extension (GAX) before 9.0.105.15 is vulnerable to Cross Site Scripting (XSS) via the Business Structure page of the iWD plugin, aka GAX-11261. • https://docs.genesys.com/Documentation/RN/9.0.x/gax90rn/gax9010515 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •